Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file.
References
Link | Resource |
---|---|
http://secunia.com/advisories/23556 | Third Party Advisory |
http://securitytracker.com/id?1017465 | Third Party Advisory VDB Entry |
http://www.cisco.com/warp/public/707/cisco-sa-20070103-CleanAccess.shtml | Vendor Advisory |
http://www.osvdb.org/32579 | Broken Link |
http://www.vupen.com/english/advisories/2007/0030 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2007-01-04 22:28
Updated : 2024-02-28 11:01
NVD link : CVE-2007-0058
Mitre link : CVE-2007-0058
CVE.ORG link : CVE-2007-0058
JSON object : View
Products Affected
cisco
- network_admission_control_manager_and_server_system_software
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor